
computer running slow, a lot of malware


4 replies to this topic

#1 kevcheng

kevcheng

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 20 February 2014 - 12:30 AM

I did a malware scan; here is the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.20.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
kenny :: D630-KENNY [administrator]
 
2/19/2014 10:47:36 PM
MBAM-log-2014-02-20 (00-26-59).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299373
Time elapsed: 1 hour(s), 29 minute(s), 54 second(s)
 
Memory Processes Detected: 2
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> 5600 -> No action taken.
C:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe (PUP.Optional.SavingsBull.A) -> 2880 -> No action taken.
 
Memory Modules Detected: 2
C:\Program Files\SavingsBullFilter\nfapi.dll (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\ProtocolFilters.dll (PUP.Optional.SavingsBull.A) -> No action taken.
 
Registry Keys Detected: 34
HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Savingsbull) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\SavingsbullFilterService (PUP.Optional.SavingsBull.A) -> No action taken.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (PUP.Optional.ShopperPro.A) -> No action taken.
HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413} (PUP.Optional.ShopperPro.A) -> No action taken.
HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1} (PUP.Optional.ShopperPro.A) -> No action taken.
HKCR\ShopperPro.ShopperProBHO.1 (PUP.Optional.ShopperPro.A) -> No action taken.
HKCR\ShopperPro.ShopperProBHO (PUP.Optional.ShopperPro.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (PUP.Optional.ShopperPro.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (PUP.Optional.ShopperPro.A) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440344554410} (PUP.Optional.iWebar.A) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550355555510} (PUP.Optional.iWebar.A) -> No action taken.
HKCR\CrossriderApp0035510.BHO.1 (PUP.Optional.iWebar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKCR\CLSID\{0d97db6b-c9b0-4c07-98b7-818628ab37e2} (PUP.Optional.PassShow.A) -> No action taken.
HKCR\TypeLib\{04e2b965-08d5-45ff-8f70-8c4cf5fbe3c3} (PUP.Optional.PassShow.A) -> No action taken.
HKCR\Interface\{1e4d92e5-c11f-4cdc-9feb-a5016cf8805e} (PUP.Optional.PassShow.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D97DB6B-C9B0-4C07-98B7-818628AB37E2} (PUP.Optional.PassShow.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\711b30bb-9a27-492e-96b8-946705ab6197 (PUP.Optional.PassShow.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar (PUP.Optional.iWebar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro (PUP.Optional.ShopperPro.A) -> No action taken.
HKCR\CrossriderApp0035510.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0035510.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0035510.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCU\SOFTWARE\iWebar (PUP.Optional.iWebar.A) -> No action taken.
HKCU\Software\PassShow (PUP.Optional.PassShow.A) -> No action taken.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.
HKCU\Software\InstalledBrowserExtensions\iWebar (PUP.Optional.iWebar.A) -> No action taken.
HKLM\SOFTWARE\iWebar (PUP.Optional.iWebar.A) -> No action taken.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.
HKLM\SOFTWARE\SavingsBull Filter (PUP.Optional.SavingsBull.A) -> No action taken.
HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.OpenCandy) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP57E573AA-C0D5-441B-BC47-2CE5479DA81C&SSPV=) Good: (http://www.google.com) -> No action taken.
 
Folders Detected: 13
C:\Program Files\PassShow (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\SavingsBullFilter (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\iWebar (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\ShopperPro (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox\content (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\JSDriver (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShopperPro (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\0E6FE287183E41CFBE714B4AD115AC87 (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\352E139793A0449AB2E52207757E3DEC (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\FB1F35E956D44E4F91E2B7884DC8E009 (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.
 
Files Detected: 89
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> No action taken.
C:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro.dll (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\iWebar\iWebar-bho.dll (PUP.Optional.iWebar.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro64.dll (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\0E6FE287183E41CFBE714B4AD115AC87\dlm.exe (PUP.Optional.OpenCandy.A) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\352E139793A0449AB2E52207757E3DEC\dlm.exe (PUP.Optional.OpenCandy.A) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\FB1F35E956D44E4F91E2B7884DC8E009\dlm.exe (PUP.Optional.OpenCandy.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nsi50E.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nsn500.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nsp514.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nst511.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nsv506.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nsw58F.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nse503.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\dlm4F0.tmp\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\nsf4FA\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\Install_2834\shopperpro.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\Install_2834\ytd.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\is-2J000.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\is-RV37D.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temporary Internet Files\Content.IE5\FVS58BEQ\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\kenny\Local Settings\Temporary Internet Files\Content.IE5\H8UWQYFD\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
c:\documents and settings\kenny\local settings\temporary internet files\content.ie5\vjz7f9a5\soft32downloader[1].exe (PUP.Optional.AdBundle) -> No action taken.
C:\Documents and Settings\kenny\My Documents\Downloads\any video converter freeware setup.exe (PUP.Optional.Soft32.A) -> No action taken.
C:\Program Files\ShopperPro\ShopperPro.dll (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\ShopperPro64.dll (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\YTDownloader\Updater.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\iWebar\iWebar-bg.exe (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\iWebar-buttonutil.exe (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\utils.exe (PUP.Optional.CrossRider.A) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> No action taken.
C:\RECYCLER\S-1-5-21-57989841-1383384898-842925246-1006\Dc34.exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
C:\temp\InstallFilter32.msi (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\PassShow\154.xpi (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\154.crx (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\154.dat (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\154.dll (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\a.db (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\b.db (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\PsUP.exe (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\Sqlite3.dll (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\PassShow\Uninstall.exe (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\SavingsBullFilter\sample.dll (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\Installbat.dll (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\netfilter.sys (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\nfapi.dll (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\nfregdrv.exe (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\ProtocolFilters.dll (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\SvcConfig.exe (PUP.Optional.SavingsBull.A) -> No action taken.
C:\Program Files\SavingsBullFilter\SvcControl.exe (PUP.Optional.SavingsBull.A) -> No action taken.
C:\WINDOWS\Tasks\PassShow Update.job (PUP.Optional.PassShow.A) -> No action taken.
C:\Program Files\iWebar\background.html (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\35510.xpi (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\Installer.log (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\iWebar-buttonutil.dll (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\iWebar-helper.exe (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\iWebar.ico (PUP.Optional.iWebar.A) -> No action taken.
C:\Program Files\iWebar\Uninstall.exe (PUP.Optional.iWebar.A) -> No action taken.
C:\WINDOWS\Tasks\iWebar-codedownloader.job (PUP.Optional.iWebar.A) -> No action taken.
C:\WINDOWS\Tasks\iWebar-enabler.job (PUP.Optional.iWebar.A) -> No action taken.
C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job (PUP.Optional.iWebar.A) -> No action taken.
C:\WINDOWS\Tasks\ShopperPro.job (PUP.Optional.YouTubeAccelerator.A) -> No action taken.
C:\Program Files\ShopperPro\manifest.json (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\config.json (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\database1_0_0.json (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\ShopperPro.crx (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\ShopperPro.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\ShopperPro.zip (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\SPRemove.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\Updater.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox\chrome.manifest (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox\install.rdf (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox\content\overlay.js (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox\content\overlay.xul (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\FireFox\content\shopperpro_128.png (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\JSDriver\jsdrv.exe (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Program Files\ShopperPro\JSDriver\jsdrv.sys (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShopperPro\config.json (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShopperPro\database1_0_0.json (PUP.Optional.ShopperPro.A) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\0E6FE287183E41CFBE714B4AD115AC87\Setup2200393_US-EN.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\0E6FE287183E41CFBE714B4AD115AC87\TuneUpUtilities2014_2200393_en-US.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\352E139793A0449AB2E52207757E3DEC\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\352E139793A0449AB2E52207757E3DEC\AVG_Toolbar_CB_ALL_p3v5.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\FB1F35E956D44E4F91E2B7884DC8E009\PrintEco_p1v0.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\kenny\Application Data\OpenCandy\FB1F35E956D44E4F91E2B7884DC8E009\setup.exe (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
 
I removed the threats from my computer and I just wanna know if I need to do any other scans.
 
Thanks for the help.

Edited by hamluis, 20 February 2014 - 08:10 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 20 February 2014 - 04:50 PM

Re-run Malwarebytes; this time tick all items for removal. Then re-run again; I only want to see a clean log from Malwarebytes.

 

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and attach the result.

 

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Emsisoft Emergency Kit from here.
https://www.emsisoft.com/en/software/eek/
Save the file to your desktop.
Right-click and run as administrator. (XP users double-click.)
Click Accept and Extract.
This file will appear on the desktop.

I7zpP8t.png
Right-click it, select Run as administrator. (XP users double-click.)
Select Emergency Kit Scanner.
rxYDlQ1.png
A pop-up requesting an update will appear; select Yes.
dQaKPnk.png
After the update, select this option in the picture below.
ExN4ZjP.png
Now select Quarantine Detected Objects.
g5ojhHp.png
When the update has finished, go to Scan PC, select Deep Scan.
5IOAvyw.png
This scan will take a long time; this is normal, as it scans your entire hard drive.
Click on View Report, save the report to your desktop, and attach it here in your next reply.


Edited by InadequateInfirmity, 20 February 2014 - 04:53 PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:27 AM

Posted 20 February 2014 - 07:38 PM

Your Malwarebytes Anti-Malware log shows "No action taken" for PUP detections.

The default action for these detections is "Show in results list and do not check for removal"...you need to change the settings in order to remove those items. If you changed those settings previously, then double-check and make sure they were saved correctly.

Launch Malwarebytes, go to the Settings tab > Scanner Settings, and under Action for PUP select: Show in Results List and Check for removal.

PUP-boxes.png

After doing that, rescan again with Malwarebytes.
  • Make sure that everything detected is checked and then click the Remove Selected button.
  • Then click the Logs tab and copy/paste the contents of the new report in your next reply for InadequateInfirmity to review.

Another reason for "No action taken" can occur if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having Malwarebytes remove the threats.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
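
Added example (not part of any post in this thread, and not code from Malwarebytes): a small Python triage script for the log layout posted in #1. It lists detections still marked "No action taken" and checks each section's declared "Detected: N" count against the entries actually present, which catches a truncated paste. The sample log is constructed, reusing a few detection names from post #1; the function names are chosen here.

```python
import re
from collections import Counter, namedtuple

# One parsed detection line from the log.
Entry = namedtuple("Entry", "section obj detection action")

# "Registry Keys Detected: 34" -> section name and declared count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
# "C:\path\file.exe (PUP.Optional.Foo)" -> object and detection name.
OBJECT_RE = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\)$")

# Constructed sample in the layout of the log in post #1 (not a real scan result).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Program Files\SavingsBullFilter\SavingsbullFilterService.exe (PUP.Optional.SavingsBull.A) -> 2880 -> No action taken.

Registry Keys Detected: 2
HKCR\ShopperPro.ShopperProBHO (PUP.Optional.ShopperPro.A) -> No action taken.
HKLM\SOFTWARE\iWebar (PUP.Optional.iWebar.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.example/) Good: (http://www.google.com) -> No action taken.

Files Detected: 2
C:\Program Files\iWebar\utils.exe (PUP.Optional.CrossRider.A) -> No action taken.
C:\temp\example-installer.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared_counts, entries) for a log in the layout above."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        if section is None or " -> " not in line:
            continue  # scan header, blank line or "(No malicious items detected)"
        # Fields are separated by " -> ". The first is the object plus detection
        # name, the last is the action; a PID or Bad/Good data may sit between.
        parts = line.split(" -> ")
        obj = OBJECT_RE.match(parts[0])
        if obj:
            entries.append(Entry(section, obj.group("obj"), obj.group("det"),
                                 parts[-1].rstrip(".")))
    return declared, entries


def unremediated(entries):
    """Detections the scanner reported but did not act on."""
    return [e for e in entries if e.action.lower() == "no action taken"]


def pending_by_detection(entries):
    """Count leftover items per detection name, to see what still needs removal."""
    return Counter(e.detection for e in unremediated(entries))


def count_mismatches(declared, entries):
    """Sections whose declared count differs from the parsed lines: {section: (declared, seen)}."""
    seen = Counter(e.section for e in entries)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    for e in unremediated(entries):
        print(f"[{e.section}] {e.detection}: {e.obj}")
    print("count mismatches:", count_mismatches(declared, entries) or "none")
```

A log where every entry is listed by `unremediated` matches the situation described above: the scan finished, but nothing was checked for removal before the report was saved.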

#4 kevcheng

kevcheng
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 21 February 2014 - 06:47 PM

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.21.09

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

kenny :: D630-KENNY [administrator]

 

2/21/2014 4:08:24 PM

mbam-log-2014-02-21 (16-08-24).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 300753

Time elapsed: 1 hour(s), 36 minute(s), 27 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

MiniToolBox by Farbar  Version: 23-01-2014

Ran by kenny (administrator) on 21-02-2014 at 16:00:04

Running from "C:\Documents and Settings\kenny\My Documents\Downloads"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

 

Windows IP Configuration

 

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

========================= Hosts content: =================================

 

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)

1394 Net Adapter = 1394 Connection 2 (Connected)

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# Interface IP Configuration        

# ----------------------------------

pushd interface ip

 

 

# Interface IP Configuration for "Local Area Connection"

 

set address name="Local Area Connection" source=dhcp

set dns name="Local Area Connection" source=dhcp register=PRIMARY

set wins name="Local Area Connection" source=dhcp

 

# Interface IP Configuration for "Wireless Network Connection"

 

set address name="Wireless Network Connection" source=dhcp

set dns name="Wireless Network Connection" source=dhcp register=PRIMARY

set wins name="Wireless Network Connection" source=dhcp

 

 

popd

# End of interface IP configuration

 

 

 

 

Windows IP Configuration

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Microsoft Windows XP x86

Ran by kenny on Fri 02/21/2014 at 17:50:44.21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322282250}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322552210}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366286650}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366556610}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366286650}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366556610}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Documents and Settings\kenny\Application Data\mozilla\firefox\profiles\nfert5j9.default\user.js

Successfully deleted the following from C:\Documents and Settings\kenny\Application Data\mozilla\firefox\profiles\nfert5j9.default\prefs.js

 

user_pref("browser.search.selectedEngine", "Conduit Search");

user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP57E573AA-C0D5-441B-BC47-2CE5479DA81C&SSP

user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP57E573AA-C0D5-441B-BC47-2CE5479DA81C&SSP

user_pref("browser.search.selectedEngine", "Conduit Search");

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/21/2014 at 17:54:54.51

End of JRT log

 

 

# AdwCleaner v3.019 - Report created 21/02/2014 at 17:59:20

# Updated 17/02/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : kenny - D630-KENNY

# Running from : C:\Documents and Settings\kenny\My Documents\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater17.3.0

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files\Level Quality Watcher

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

[!] Folder Deleted : C:\Documents and Settings\kenny\Local Settings\Application Data\AVG SafeGuard toolbar

Folder Deleted : C:\Documents and Settings\kenny\Application Data\AVG SafeGuard toolbar

Folder Deleted : C:\Documents and Settings\kenny\My Documents\optimizer pro

File Deleted : C:\Documents and Settings\kenny\Application Data\Mozilla\Firefox\Profiles\nfert5j9.default\searchplugins\conduit-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\caphyon

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Documents and Settings\kenny\Application Data\Mozilla\Firefox\Profiles\nfert5j9.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\a2kvbnyn.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xehgzt1.default\prefs.js ]

 

 

*************************

 

AdwCleaner[R0].txt - [3757 octets] - [21/02/2014 17:58:17]

AdwCleaner[S0].txt - [3338 octets] - [21/02/2014 17:59:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3398 octets] ##########

 

Emsisoft Emergency Kit - Version 4.0

Last update: 2/21/2014 6:10:50 PM

User account: D630-KENNY\kenny

 

Scan settings:

 

Scan type: Deep Scan

Objects: Rootkits, Memory, Traces, C:\

 

Detect PUPs: On

Scan archives: On

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

 

Scan start:           2/21/2014 6:13:07 PM

Value: HKEY_USERS\S-1-5-21-57989841-1383384898-842925246-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)

Value: HKEY_USERS\S-1-5-21-57989841-1383384898-842925246-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS      detected: Setting.DisableRegistryTools (A)

Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)

Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}        detected: Application.Win32.InstallAd (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}        detected: Application.Win32.InstallAd (A)

 

Scanned               109909

Found   5

 

Scan end:            2/21/2014 6:44:19 PM

Scan time:           0:31:12

 

Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     Quarantined Application.Win32.InstallAd (A)

Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}        Quarantined Application.Win32.InstallAd (A)

Value: HKEY_USERS\S-1-5-21-57989841-1383384898-842925246-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS                Quarantined Setting.DisableRegistryTools (A)

Value: HKEY_USERS\S-1-5-21-57989841-1383384898-842925246-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  Quarantined Setting.DisableTaskMgr (A)

 

Quarantined      4



#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 23 February 2014 - 12:35 AM

Please scan your machine with ESET OnlineScan

You will need to disable your antivirus prior to scanning. 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and Remove Found Threats.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button




